如何允许来自网络外部外部站点的内部MVC Web Api [英] How to allow internal MVC Web Api from external site outside the network
问题描述
我有一个MVC Web API(托管在IIS中),它位于wwwroot文件夹中,并且可以在网络中本地访问.我可以执行如下所示的api调用:http://mylocalapi:133/api/Values/Get并得到结果.
I have a MVC Web API (hosted in IIS) which is in the wwwroot folder and locally accessible within the network.I can execute api calls like this: http://mylocalapi:133/api/Values/Get and I get a result.
我有一个外部站点http://example.org,我想执行相同的http://mylocalapi:133/api/Values/Get.
I have an external site which is http://example.org and I would like to execute the same http://mylocalapi:133/api/Values/Get.
面向外部的站点和内部API站点都托管在同一台服务器上(但是可以不同,例如网络外部的第三方供应商)
Both the external facing site as well as the internal API site is hosted on the same server (but it can be different, for example a 3rd party vendor outside of the network)
我在API中设置了CORS,如下所示:
I have CORS set up in my API like this:
[EnableCors(origins: "http://example.org", headers: "*", methods: "*")]
但是我不断收到以下错误:
But I keep getting the following error:
XMLHttpRequest cannot load http://mylocalapi:133. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://example.org' is therefore not allowed access.
所以要解决它,我在外部站点中创建了一个虚拟目录(APICALLS),并创建了一个web.config文件,该文件指向本地IIS站点:
So get around it, I created a virtual directory (APICALLS) in my external site and created a web.config file which will point to the local IIS site:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpRedirect enabled="true" destination="http://mylocalapi:133" exactDestination="true" />
</system.webServer>
</configuration>
这样做时,我尝试像这样访问API:http://example.org/APICALLS/api/Values/Get,但出现以下错误:
When I do that, I try to access the API like this: http://example.org/APICALLS/api/Values/Get but I get the following error:
XMLHttpRequest cannot load http://mylocalapi:133. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://example.org' is therefore not allowed access.
我做错了什么以及如何解决该问题.
What am I doing wrong and how can I resolve the issue.
推荐答案
您无法从JavaScript访问仅内部站点,因为JavaScript在最终用户计算机上的客户端内部网络外部运行.通过JavaScript访问API的唯一方法是1)将API暴露给外部网络,或2)在外部站点中创建代理.
You cannot access an internal-only site from JavaScript, as JavaScript runs client-side, on the end-user's machine, outside of your internal network. The only way to hit the API via JavaScript is to either 1) expose the API to the external network or 2) create a proxy within your external site.
代理基本上是一个或多个提供外部访问的操作,然后将调用转换为内部API.最简单的说,您可以执行一个基本响应的操作,例如:
The proxy would be basically an action or actions that offer external access, and then translate the calls to your internal API. At the simplest, you could have a single action that basically responds to something like:
https://foo.com/api?endpoint=/internal/api/endpoint/&someParam=foo
然后,该操作将在查询字符串中获取此信息,并使用该信息通过类似HttpClient的方式向您的内部API发出请求.但是,这种方法几乎公开了您的整个内部API,因此您最好将其移到外面.更好的方法是为需要通过JavaScript进行的特定内部API调用创建特定的端点(操作方法).
The action would then take this information in the query string and use that to make a request to your internal API via something like HttpClient. However, this approach pretty much exposes your whole internal API, so you might as well just move it outside at that point. The better approach would be to create specific endpoints (action methods) for specific internal API calls you need to make via JavaScript.
更新
在没有上下文的情况下很难为您提供任何实际的指导.假设有一个内部API端点返回一个小部件列表,而您想通过AJAX检索此小部件列表.您将需要以下内容:
It's difficult to give you any real direction here without context. Let's say that there's an internal API endpoint that returns a list of widgets and you want to retrieve this list of widgets via AJAX. You would need something like:
public async Task<ActionResult> GetWidgets()
{
// fetch widgets from internal API via HttpClient
return Json(widgets, JsonRequestBehavior.AllowGet);
}
然后,您的AJAX将在您的网站上调用此操作方法的URL,该方法在后台调用了内部API.
Then, your AJAX would call the URL for this action method on your website, which under the hood calls the internal API.
这篇关于如何允许来自网络外部外部站点的内部MVC Web Api的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
